Senior Application Security Engineer
Remote job description
A home is the biggest investment most people make, and yet, it doesn't come with a manual. That's why we're building the only app homeowners need to effortlessly manage their homes - knowing what to do, when to do it, and who to hire. With Thumbtack, millions of people care for what matters most, and pros earn billions of dollars through our platform. And as one of the fastest-growing companies in a $600B+ industry - we must be doing something right.
We are driven by a common goal and the deep satisfaction that comes from knowing our work supports local economies, helps small businesses grow, and brings homeowners peace of mind. We're seeking people who continually put our purpose first: advocating for pros and customers, embracing change, and choosing teamwork every day.
At Thumbtack, we're creating a new era of home care. If making an impact and the chance to do good inspires you, join us. Imagine what we'll build together.
Thumbtack by the Numbers
- Available nationwide in all 3,143 U.S. counties
- 75 million projects started on Thumbtack
- 4 million customers in the last 12 months
- Pros earn billions on our platform
- More than 9 million 5-star reviews for our stellar pros
- 1000+ employees and $3.2 billion valuation (June, 2021)
About the Security Team
At Thumbtack, application security engineers support the building of products and systems that directly impact our customers and professionals to ensure that we are deploying as secure a product as possible. We believe in tackling these hard problems together as a team, with strong values around collaboration, ownership, and transparency. To read more about the hard problems that our engineering team is taking on, visit our engineering blog.
About the Role
Thumbtack is looking for a Senior Application Security Engineer with a broad range of engineering skills, and specialized knowledge in application security, to lead security initiatives, build safe software, conduct security reviews, and potentially respond to security incidents. The ideal candidate has experience in core and security cloud services, solid Linux fundamentals, scripting, software development with modern object-oriented programming, web development, and is proficient at identifying and mitigating common web application security vulnerabilities.
The security landscape changes rapidly with new vulnerabilities and threats emerging all the time. Staying ahead of these, understanding their implications, and applying the appropriate countermeasures is a constant challenge. Embedding security within the development process, while maintaining the speed and efficiency of DevOps, involves ongoing collaboration and communication with development teams.
- Design, implement and maintain security-oriented software that makes it easier for non-security engineers to build secure products
- Collaborate with many teams and functions across Thumbtack to make technical, design, strategy, and product decisions relating to security
- Act as an internal security subject matter expert, advocating for better security practices throughout the company
- Perform security design reviews and threat modeling on-demand and as needed
- Participate in security incident response
- Grow your career in an engaged and innovative engineering community that ships transformative products and services
- Help evaluate the adoption of open source software and 3rd party integration from a security standpoint
What you'll need
If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.
- 5+ years experience leading complex, technical, XFN projects (Data Platform or Infrastructure a plus)
- Experience and understanding of application and infrastructure security standards and best practices
- Experience in security hardening in a public cloud environment (AWS, GCP)
- Experience and proven ability in delivering secure products and services in a cloud environment
- Ability to think strategically at the program level, dive in and be hands-on in day-to-day action
- Experience in secure design and authoring security tools and libraries
Bonus points if you have
- Experience with conducting a penetration test, deploying static and dynamic code analyzers, orchestrating threat modeling and rapid risk assessments
- Hold an Offensive Security Certified Professional (OSCP) certification
- Familiarity with security frameworks such as OWASP (including Mobile) NIST CSF, NIST SP 800-x, COBIT, ISO-27001, PCI DSS
- Working experience with NIST Common Vulnerability Scoring System (CVSS) and Threat Modeling Framework such as STRIDE or PASTA
For candidates living in San Francisco / Bay Area, New York City, or Seattle metros, the expected salary range for the role is currently $180,000 - $250,000. Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.For candidates living in all other US locations, the expected salary range for this role is currently $170,000 - $215,000. Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.
Thumbtack is a virtual-first company, meaning you can live and work from any one of our approved locations across the United States, Canada or the Philippines.* Learn more about our virtual-first working model here.
#LI-RemoteBenefits & Perks
- Virtual-first working model coupled with quarterly in-person events and Camp Thumbtack
- 20+ company-wide holidays including two week-long shutdowns
- Libraries (collaborative workspaces) in San Francisco, Toronto, and Manila
- Stipends for remote work support, home office set-up and Thumbtack services
- Cell phone and WiFi reimbursements
- Subscriptions and Employee Assistance Program for mental health and well-being
Learn More About Us
- Life @ Thumbtack Blog
- How Thumbtack is embracing virtual work
- Follow us on LinkedIn
- Meet the pros who inspire us
Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. We also will consider for employment qualified applicants with arrest and conviction records, consistent with applicable law.
Thumbtack is committed to working with and providing reasonable accommodation to individuals with disabilities. If you would like to request a reasonable accommodation for a medical condition or disability during any part of the application process, please contact: firstname.lastname@example.org.
Company name: Thumbtack
Remote job title: Senior Application Security Engineer
Job tags: Cloud Services, Data Infrastructure, application security